<!DOCTYPE html>
<html lang="zh-CN">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>SpringSceurity03-基本原理 | 半夏のblog</title>
    <meta name="generator" content="VuePress 1.7.1">
    <link rel="icon" href="/favicon.ico">
    <meta name="description" content="">
    <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no">
    
    <link rel="preload" href="/assets/css/0.styles.2527d501.css" as="style"><link rel="preload" href="/assets/js/app.7fda9a6b.js" as="script"><link rel="preload" href="/assets/js/5.50d24cb4.js" as="script"><link rel="preload" href="/assets/js/1.28fd28d9.js" as="script"><link rel="preload" href="/assets/js/22.25a26fe7.js" as="script"><link rel="prefetch" href="/assets/js/10.b8ddff11.js"><link rel="prefetch" href="/assets/js/11.7e7fe28b.js"><link rel="prefetch" href="/assets/js/12.5d601061.js"><link rel="prefetch" href="/assets/js/13.bb96cb3c.js"><link rel="prefetch" href="/assets/js/14.1d29522f.js"><link rel="prefetch" href="/assets/js/15.85626401.js"><link rel="prefetch" href="/assets/js/16.59d1d7d7.js"><link rel="prefetch" href="/assets/js/17.e45837e0.js"><link rel="prefetch" href="/assets/js/18.c361be68.js"><link rel="prefetch" href="/assets/js/19.90c6f38d.js"><link rel="prefetch" href="/assets/js/20.d0d87ca9.js"><link rel="prefetch" href="/assets/js/21.061b1220.js"><link rel="prefetch" href="/assets/js/23.9c950e12.js"><link rel="prefetch" href="/assets/js/24.806a451a.js"><link rel="prefetch" href="/assets/js/25.0d60cb9d.js"><link rel="prefetch" href="/assets/js/26.2222da89.js"><link rel="prefetch" href="/assets/js/27.baa1288c.js"><link rel="prefetch" href="/assets/js/28.ff8d8f93.js"><link rel="prefetch" href="/assets/js/29.5e9b6e6b.js"><link rel="prefetch" href="/assets/js/3.b8ec79fb.js"><link rel="prefetch" href="/assets/js/30.944e93f1.js"><link rel="prefetch" href="/assets/js/31.2c6331ee.js"><link rel="prefetch" href="/assets/js/32.92618a93.js"><link rel="prefetch" href="/assets/js/33.c1f1142e.js"><link rel="prefetch" href="/assets/js/34.a04d3387.js"><link rel="prefetch" href="/assets/js/35.9057addb.js"><link rel="prefetch" href="/assets/js/36.11b3e254.js"><link rel="prefetch" href="/assets/js/37.f3aec045.js"><link rel="prefetch" href="/assets/js/38.d8528c2e.js"><link rel="prefetch" href="/assets/js/39.ff5494db.js"><link rel="prefetch" href="/assets/js/4.57ebb507.js"><link rel="prefetch" href="/assets/js/6.2d087efa.js"><link rel="prefetch" href="/assets/js/7.f8606693.js"><link rel="prefetch" href="/assets/js/8.ef854897.js"><link rel="prefetch" href="/assets/js/9.5bbe7803.js">
    <link rel="stylesheet" href="/assets/css/0.styles.2527d501.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container no-sidebar" data-v-106e3130><div data-v-106e3130><div id="loader-wrapper" class="loading-wrapper" data-v-d48f4d20 data-v-106e3130 data-v-106e3130><div class="loader-main" data-v-d48f4d20><div data-v-d48f4d20></div><div data-v-d48f4d20></div><div data-v-d48f4d20></div><div data-v-d48f4d20></div></div> <!----> <!----></div> <div class="password-shadow password-wrapper-out" style="display:none;" data-v-4d3be7b7 data-v-106e3130 data-v-106e3130><h3 class="title" style="display:none;" data-v-4d3be7b7 data-v-4d3be7b7>半夏のblog</h3> <!----> <label id="box" class="inputBox" style="display:none;" data-v-4d3be7b7 data-v-4d3be7b7><input type="password" value="" data-v-4d3be7b7> <span data-v-4d3be7b7>Konck! Knock!</span> <button data-v-4d3be7b7>OK</button></label> <div class="footer" style="display:none;" data-v-4d3be7b7 data-v-4d3be7b7><span data-v-4d3be7b7><i class="iconfont reco-theme" data-v-4d3be7b7></i> <a target="blank" href="https://vuepress-theme-reco.recoluan.com" data-v-4d3be7b7>vuePress-theme-reco</a></span> <span data-v-4d3be7b7><i class="iconfont reco-copyright" data-v-4d3be7b7></i> <a data-v-4d3be7b7><span data-v-4d3be7b7>zhāngyùnhǎo</span>
            
          <!---->
          2021
        </a></span></div></div> <div class="hide" data-v-106e3130><div data-v-106e3130><div id="smart" class="wrapper-page" style="background-image:url(https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/wallhaven-k788y1.jpg);background-position-x:center;background-position-y:center;background-size:cover;background-repeat-x:no-repeat;background-repeat-y:no-repeat;" data-v-106e3130><header class="navbar" data-v-106e3130><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><img src="/logo.png" alt="半夏のblog" class="logo"> <span class="site-name">半夏のblog</span></a> <div class="links"><div id="dayNightSwitch" class="generalWrapper" data-v-68728e36><a class="click" data-v-68728e36><div class="onOff daySwitch" data-v-68728e36><div class="star star1" data-v-68728e36></div> <div class="star star2" data-v-68728e36></div> <div class="star star3" data-v-68728e36></div> <div class="star star4" data-v-68728e36></div> <div class="star star5" data-v-68728e36></div> <div class="star sky" data-v-68728e36></div> <div class="sunMoon" data-v-68728e36><div class="crater crater1" data-v-68728e36></div> <div class="crater crater2" data-v-68728e36></div> <div class="crater crater3" data-v-68728e36></div> <div class="cloud part1" data-v-68728e36></div> <div class="cloud part2" data-v-68728e36></div></div></div></a></div> <div class="search-box"><i class="iconfont reco-search"></i> <input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/" class="nav-link"><i class="iconfont reco-home"></i>
  主页
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-category"></i>
      博客
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/categories/后端/" class="nav-link"><i class="iconfont undefined"></i>
  后端
</a></li><li class="dropdown-item"><!----> <a href="/categories/Java/" class="nav-link"><i class="iconfont undefined"></i>
  Java
</a></li><li class="dropdown-item"><!----> <a href="/categories/学习笔记/" class="nav-link"><i class="iconfont undefined"></i>
  学习笔记
</a></li><li class="dropdown-item"><!----> <a href="/categories/项目/" class="nav-link"><i class="iconfont undefined"></i>
  项目
</a></li><li class="dropdown-item"><!----> <a href="/categories/规范/" class="nav-link"><i class="iconfont undefined"></i>
  规范
</a></li></ul></div></div><div class="nav-item"><a href="/tag/" class="nav-link"><i class="iconfont reco-tag"></i>
  标签
</a></div><div class="nav-item"><a href="/timeline/" class="nav-link"><i class="iconfont reco-date"></i>
  时间轴
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-message"></i>
      关于
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/banxia-zyh" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-github"></i>
  GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav></div></header> <div class="sidebar-mask" data-v-106e3130></div> <aside class="sidebar" data-v-106e3130><div class="personal-info-wrapper" data-v-d528efe2 data-v-106e3130><img src="https://pan.zealsay.com/avatar/20200606105310570000000.jpg" alt="author-avatar" class="personal-img" data-v-d528efe2> <h3 class="name" data-v-d528efe2>
    zhāngyùnhǎo
  </h3> <div class="num" data-v-d528efe2><div data-v-d528efe2><h3 data-v-d528efe2>23</h3> <h6 data-v-d528efe2>文章</h6></div> <div data-v-d528efe2><h3 data-v-d528efe2>21</h3> <h6 data-v-d528efe2>标签</h6></div></div> <hr data-v-d528efe2></div> <nav class="nav-links"><div class="nav-item"><a href="/" class="nav-link"><i class="iconfont reco-home"></i>
  主页
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-category"></i>
      博客
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="/categories/后端/" class="nav-link"><i class="iconfont undefined"></i>
  后端
</a></li><li class="dropdown-item"><!----> <a href="/categories/Java/" class="nav-link"><i class="iconfont undefined"></i>
  Java
</a></li><li class="dropdown-item"><!----> <a href="/categories/学习笔记/" class="nav-link"><i class="iconfont undefined"></i>
  学习笔记
</a></li><li class="dropdown-item"><!----> <a href="/categories/项目/" class="nav-link"><i class="iconfont undefined"></i>
  项目
</a></li><li class="dropdown-item"><!----> <a href="/categories/规范/" class="nav-link"><i class="iconfont undefined"></i>
  规范
</a></li></ul></div></div><div class="nav-item"><a href="/tag/" class="nav-link"><i class="iconfont reco-tag"></i>
  标签
</a></div><div class="nav-item"><a href="/timeline/" class="nav-link"><i class="iconfont reco-date"></i>
  时间轴
</a></div><div class="nav-item"><div class="dropdown-wrapper"><a class="dropdown-title"><span class="title"><i class="iconfont reco-message"></i>
      关于
    </span> <span class="arrow right"></span></a> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><!----> <a href="https://github.com/banxia-zyh" target="_blank" rel="noopener noreferrer" class="nav-link external"><i class="iconfont reco-github"></i>
  GitHub
  <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div></div> <!----></nav> <!----> </aside> <div class="password-shadow password-wrapper-in" style="display:none;" data-v-4d3be7b7 data-v-106e3130><h3 class="title" style="display:none;" data-v-4d3be7b7 data-v-4d3be7b7>SpringSceurity03-基本原理</h3> <!----> <label id="box" class="inputBox" style="display:none;" data-v-4d3be7b7 data-v-4d3be7b7><input type="password" value="" data-v-4d3be7b7> <span data-v-4d3be7b7>Konck! Knock!</span> <button data-v-4d3be7b7>OK</button></label> <div class="footer" style="display:none;" data-v-4d3be7b7 data-v-4d3be7b7><span data-v-4d3be7b7><i class="iconfont reco-theme" data-v-4d3be7b7></i> <a target="blank" href="https://vuepress-theme-reco.recoluan.com" data-v-4d3be7b7>vuePress-theme-reco</a></span> <span data-v-4d3be7b7><i class="iconfont reco-copyright" data-v-4d3be7b7></i> <a data-v-4d3be7b7><span data-v-4d3be7b7>zhāngyùnhǎo</span>
            
          <!---->
          2021
        </a></span></div></div></div> <div data-v-106e3130><main class="page"><div class="page-title" style="display:none;"><h1 class="title">SpringSceurity03-基本原理</h1> <div class="page-info" data-v-04a855f8><i class="iconfont reco-account" data-v-04a855f8><span data-v-04a855f8>zhāngyùnhǎo</span></i> <i class="iconfont reco-date" data-v-04a855f8><span data-v-04a855f8>2021-03-20</span></i> <!----> <i class="iconfont reco-tag tags" data-v-04a855f8><span class="tag-item" data-v-04a855f8>框架</span><span class="tag-item" data-v-04a855f8>spring</span><span class="tag-item" data-v-04a855f8>SpringSecurity</span><span class="tag-item" data-v-04a855f8>源码</span></i></div></div> <div class="theme-reco-content content__default" style="display:none;"><h2 id="springsecurity-基本原理"><a href="#springsecurity-基本原理" class="header-anchor">#</a> SpringSecurity 基本原理</h2> <p>SpringSecurity本质是一个过滤器链，通过查看源码，代码底层流程着重看三个过滤器：</p> <ul><li>FilterSecurityInterceptor 过滤器：该过滤器是过滤器链的最后一个过滤器，根据资源 权限配置来判断当前请求是否有权限访问对应的资源。如果访问受限会抛出相关异常，并 由 ExceptionTranslationFilter 过滤器进行捕获和处理。</li> <li>ExceptionTranslationFilter 过滤器：该过滤器不需要我们配置，对于前端提交的请求会 直接放行，捕获后续抛出的异常并进行处理（例如：权限访问限制）。</li> <li>UsernamePasswordAuthenticationFilter 过滤器：该过滤器会拦截前端提交的 POST 方式 的登录表单请求，并进行身份认证。</li></ul> <blockquote><p>过滤器介绍</p></blockquote> <p><strong>UsernamePasswordAuthenticationFilter</strong>：用于处理基于表单的登录请求，从表单中 获取用户名和密码。默认情况下处理来自 /login 的请求。从表单中获取用户名和密码 时，默认使用的表单 name 值为 username 和 password，这两个值可以通过设置这个 过滤器的 usernameParameter 和 passwordParameter 两个参数的值进行修改。</p> <p><strong>FilterSecurityInterceptor</strong>：可以看做过滤器链的出口。</p> <p>**ExceptionTranslationFilter：**处理 AccessDeniedException 和 AuthenticationException 异常。</p> <p>Spring Security 采取过滤链实现认证与授权，只有当前过滤器通过，才能进入下一个 过滤器：</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210425120311175.png" alt="image-20210425120311175"></p> <h2 id="springsecurity-认证流程"><a href="#springsecurity-认证流程" class="header-anchor">#</a> SpringSecurity 认证流程</h2> <p>认证流程是在 UsernamePasswordAuthenticationFilter 过滤器中处理的，具体流程如下 所示：</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210425120802870.png" alt="image-20210425120802870"></p> <p>当前端提交的是一个 POST 方式的登录表单请求，就会被该过滤器拦截，并进行身份认 证。该过滤器的 doFilter() 方法实现在其抽象父类</p> <h2 id="abstractauthenticationprocessingfilter"><a href="#abstractauthenticationprocessingfilter" class="header-anchor">#</a> AbstractAuthenticationProcessingFilter</h2> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token keyword">private</span> <span class="token keyword">void</span> <span class="token function">doFilter</span><span class="token punctuation">(</span><span class="token class-name">HttpServletRequest</span> request<span class="token punctuation">,</span> <span class="token class-name">HttpServletResponse</span> response<span class="token punctuation">,</span> <span class="token class-name">FilterChain</span> chain<span class="token punctuation">)</span>
			<span class="token keyword">throws</span> <span class="token class-name">IOException</span><span class="token punctuation">,</span> <span class="token class-name">ServletException</span> <span class="token punctuation">{</span>
		<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token operator">!</span><span class="token function">requiresAuthentication</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
			chain<span class="token punctuation">.</span><span class="token function">doFilter</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">;</span>
			<span class="token keyword">return</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token keyword">try</span> <span class="token punctuation">{</span>
			<span class="token class-name">Authentication</span> authenticationResult <span class="token operator">=</span> <span class="token function">attemptAuthentication</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">;</span>
			<span class="token keyword">if</span> <span class="token punctuation">(</span>authenticationResult <span class="token operator">==</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
				<span class="token comment">// return immediately as subclass has indicated that it hasn't completed</span>
				<span class="token keyword">return</span><span class="token punctuation">;</span>
			<span class="token punctuation">}</span>
			<span class="token keyword">this</span><span class="token punctuation">.</span>sessionStrategy<span class="token punctuation">.</span><span class="token function">onAuthentication</span><span class="token punctuation">(</span>authenticationResult<span class="token punctuation">,</span> request<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">;</span>
			<span class="token comment">// Authentication success</span>
			<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>continueChainBeforeSuccessfulAuthentication<span class="token punctuation">)</span> <span class="token punctuation">{</span>
				chain<span class="token punctuation">.</span><span class="token function">doFilter</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">)</span><span class="token punctuation">;</span>
			<span class="token punctuation">}</span>
			<span class="token function">successfulAuthentication</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">,</span> chain<span class="token punctuation">,</span> authenticationResult<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">InternalAuthenticationServiceException</span> failed<span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">this</span><span class="token punctuation">.</span>logger<span class="token punctuation">.</span><span class="token function">error</span><span class="token punctuation">(</span><span class="token string">&quot;An internal error occurred while trying to authenticate the user.&quot;</span><span class="token punctuation">,</span> failed<span class="token punctuation">)</span><span class="token punctuation">;</span>
			<span class="token function">unsuccessfulAuthentication</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">,</span> failed<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">AuthenticationException</span> ex<span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token comment">// Authentication failed</span>
			<span class="token function">unsuccessfulAuthentication</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> response<span class="token punctuation">,</span> ex<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
	<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br><span class="line-number">19</span><br><span class="line-number">20</span><br><span class="line-number">21</span><br><span class="line-number">22</span><br><span class="line-number">23</span><br><span class="line-number">24</span><br><span class="line-number">25</span><br><span class="line-number">26</span><br><span class="line-number">27</span><br><span class="line-number">28</span><br></div></div><blockquote><p>第一  判断该请求是否为POST方式登录表单提交请求，如果不是则直接放行，否则进入下一个过滤器</p></blockquote> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426131807887.png" alt="image-20210426131807887"></p> <blockquote><p>第二  调用之类UsernamePasswordAuthenticationFilter重写的方法进行身份验证</p></blockquote> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426132200139.png" alt="image-20210426132200139"></p> <p>AuthenticationResult时用来存储用户认证信息的来，（后面会进行详细的介绍）</p> <blockquote><p>第三 Session策略处理（如果配置了用户Session最大并发数，就是在此处进行判断并处理）</p></blockquote> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426132734226.png" alt="image-20210426132734226"></p> <blockquote><p>第四 认证成功的处理</p></blockquote> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426132843298.png" alt="image-20210426132843298"></p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426132918146.png" alt="image-20210426132918146"></p> <p>默认的continueChainBeforeSuccessfulAuthentication的值为false，所以认证成功后不会进入下一个过滤器</p> <blockquote><p>认证失败，调用认证失败的处理器</p></blockquote> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426133107261.png" alt="image-20210426133107261"></p> <p><strong>上述的 第二 过程调用了 UsernamePasswordAuthenticationFilter 的 attemptAuthentication() 方法，源码如下：</strong></p> <h2 id="usernamepasswordauthenticationfilter"><a href="#usernamepasswordauthenticationfilter" class="header-anchor">#</a> UsernamePasswordAuthenticationFilter</h2> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426134157490.png" alt="image-20210426134157490"></p> <p>默认表单用户名参数为username，默认密码参数为password，默认的请求方式只能为POST。</p> <p><strong>上述的doFilter() 方法调用此attemptAuthentication() 方法进行身份验证</strong></p> <div class="language-java line-numbers-mode"><pre class="language-java"><code><span class="token annotation punctuation">@Override</span>
	<span class="token keyword">public</span> <span class="token class-name">Authentication</span> <span class="token function">attemptAuthentication</span><span class="token punctuation">(</span><span class="token class-name">HttpServletRequest</span> request<span class="token punctuation">,</span> <span class="token class-name">HttpServletResponse</span> response<span class="token punctuation">)</span>
			<span class="token keyword">throws</span> <span class="token class-name">AuthenticationException</span> <span class="token punctuation">{</span>
		<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">this</span><span class="token punctuation">.</span>postOnly <span class="token operator">&amp;&amp;</span> <span class="token operator">!</span>request<span class="token punctuation">.</span><span class="token function">getMethod</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">equals</span><span class="token punctuation">(</span><span class="token string">&quot;POST&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">AuthenticationServiceException</span><span class="token punctuation">(</span><span class="token string">&quot;Authentication method not supported: &quot;</span> <span class="token operator">+</span> request<span class="token punctuation">.</span><span class="token function">getMethod</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token class-name">String</span> username <span class="token operator">=</span> <span class="token function">obtainUsername</span><span class="token punctuation">(</span>request<span class="token punctuation">)</span><span class="token punctuation">;</span>
		username <span class="token operator">=</span> <span class="token punctuation">(</span>username <span class="token operator">!=</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token operator">?</span> username <span class="token operator">:</span> <span class="token string">&quot;&quot;</span><span class="token punctuation">;</span>
		username <span class="token operator">=</span> username<span class="token punctuation">.</span><span class="token function">trim</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">String</span> password <span class="token operator">=</span> <span class="token function">obtainPassword</span><span class="token punctuation">(</span>request<span class="token punctuation">)</span><span class="token punctuation">;</span>
		password <span class="token operator">=</span> <span class="token punctuation">(</span>password <span class="token operator">!=</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token operator">?</span> password <span class="token operator">:</span> <span class="token string">&quot;&quot;</span><span class="token punctuation">;</span>
		<span class="token class-name">UsernamePasswordAuthenticationToken</span> authRequest <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">UsernamePasswordAuthenticationToken</span><span class="token punctuation">(</span>username<span class="token punctuation">,</span> password<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token comment">// Allow subclasses to set the &quot;details&quot; property</span>
		<span class="token function">setDetails</span><span class="token punctuation">(</span>request<span class="token punctuation">,</span> authRequest<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> <span class="token keyword">this</span><span class="token punctuation">.</span><span class="token function">getAuthenticationManager</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">authenticate</span><span class="token punctuation">(</span>authRequest<span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br></div></div><p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426134913204.png" alt="image-20210426134913204"></p> <p>在默认的情况下如果请求方式不是POST，会抛出异常</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426135855758.png" alt="image-20210426135855758"></p> <p>使用前端传入的username和password构造Authentication对象，标记该对象为未认证。</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426140127646.png" alt="image-20210426140127646"></p> <p>将请求中的一些属性信息设置到Authentication对象中，比如：remoteAddress，SessionId</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426140301736.png" alt="image-20210426140301736"></p> <p>调用ProviderManager类的authenticate()方法进行认证。</p> <p>上述的<strong>构造Authentication对象</strong>过程创建的 UsernamePasswordAuthenticationToken 是 Authentication 接口的实现类，该类有两个构造器，一个用于封装前端请求传入的未认 证的用户信息，一个用于封装认证成功后的用户信息：</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426140605386.png" alt="image-20210426140605386"></p> <p>Authentication 接口的实现类用于存储用户认证信息，查看该接口具体定义：</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210426140656216.png" alt="image-20210426140656216"></p> <h2 id="权限访问流程"><a href="#权限访问流程" class="header-anchor">#</a> 权限访问流程</h2> <p>上个部分通过源码的方式介绍了认证流程，下面介绍权限访问流程，主要是对<code>ExceptionTranslationFilter</code>过滤器和<code>FilterSecurityInterceptor</code>过滤器进行介绍。</p> <blockquote><p>ExceptionTranslationFilter</p></blockquote> <p>该过滤器是用于处理异常的，不需要我们配置，对于前端提交的请求会直接放行，捕获后续抛出的异常并进行处理（例如：权限访问限制）。</p> <h2 id="认证信息共享详解"><a href="#认证信息共享详解" class="header-anchor">#</a> 认证信息共享详解</h2> <p>一般认证成功后的用户信息是通过Session在多个请求之间共享，那么SpringSecurity中如何实现将已经认证的用户信息对象Authentication与Session绑定的呢 ？</p> <p><img src="https://cdn.jsdelivr.net/gh/banxia-zyh/img/img/image-20210409230646717.469919e6.png" alt="img"></p> <p>最后<a href="https://blog.csdn.net/weixin_37689658/article/details/92752890?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522161798175016780357215732%2522%252C%2522scm%2522%253A%252220140713.130102334..%2522%257D&amp;request_id=161798175016780357215732&amp;biz_id=0&amp;utm_medium=distribute.pc_search_result.none-task-blog-2~all~sobaiduend~default-1-92752890.first_rank_v2_pc_rank_v29&amp;utm_term=security%E6%89%A7%E8%A1%8C%E6%B5%81%E7%A8%8B" target="_blank" rel="noopener noreferrer">参考链接<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p></div> <footer class="page-edit" style="display:none;"><!----> <!----></footer> <!----> <!----> <!----></main> <!----></div></div></div></div></div><div class="global-ui"><div class="back-to-ceiling" style="right:1rem;bottom:6rem;width:2.5rem;height:2.5rem;border-radius:.25rem;line-height:2.5rem;display:none;" data-v-c6073ba8 data-v-c6073ba8><svg t="1574745035067" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="5404" class="icon" data-v-c6073ba8><path d="M526.60727968 10.90185116a27.675 27.675 0 0 0-29.21455937 0c-131.36607665 82.28402758-218.69155461 228.01873535-218.69155402 394.07834331a462.20625001 462.20625001 0 0 0 5.36959153 69.94390903c1.00431239 6.55289093-0.34802892 13.13561351-3.76865779 18.80351572-32.63518765 54.11355614-51.75690182 118.55860487-51.7569018 187.94566865a371.06718723 371.06718723 0 0 0 11.50484808 91.98906777c6.53300375 25.50556257 41.68394495 28.14064038 52.69160883 4.22606766 17.37162448-37.73630017 42.14135425-72.50938081 72.80769204-103.21549295 2.18761121 3.04276886 4.15646224 6.24463696 6.40373557 9.22774369a1871.4375 1871.4375 0 0 0 140.04691725 5.34970492 1866.36093723 1866.36093723 0 0 0 140.04691723-5.34970492c2.24727335-2.98310674 4.21612437-6.18497483 6.3937923-9.2178004 30.66633723 30.70611158 55.4360664 65.4791928 72.80769147 103.21549355 11.00766384 23.91457269 46.15860503 21.27949489 52.69160879-4.22606768a371.15156223 371.15156223 0 0 0 11.514792-91.99901164c0-69.36717486-19.13165746-133.82216804-51.75690182-187.92578088-3.42062944-5.66790279-4.76302748-12.26056868-3.76865837-18.80351632a462.20625001 462.20625001 0 0 0 5.36959269-69.943909c-0.00994388-166.08943902-87.32547796-311.81420293-218.6915546-394.09823051zM605.93803103 357.87693858a93.93749974 93.93749974 0 1 1-187.89594924 6.1e-7 93.93749974 93.93749974 0 0 1 187.89594924-6.1e-7z" p-id="5405" data-v-c6073ba8></path><path d="M429.50777625 765.63860547C429.50777625 803.39355007 466.44236686 1000.39046097 512.00932183 1000.39046097c45.56695499 0 82.4922232-197.00623328 82.5015456-234.7518555 0-37.75494459-36.9345906-68.35043303-82.4922232-68.34111062-45.57627738-0.00932239-82.52019037 30.59548842-82.51086798 68.34111062z" p-id="5406" data-v-c6073ba8></path></svg></div></div></div>
    <script src="/assets/js/app.7fda9a6b.js" defer></script><script src="/assets/js/5.50d24cb4.js" defer></script><script src="/assets/js/1.28fd28d9.js" defer></script><script src="/assets/js/22.25a26fe7.js" defer></script>
  </body>
</html>
